Data Security – Microsoft Office XP and 2003

On 8 April 2014 , office support for Microsoft’s Windows XP and Microsoft Office 2003 will come to an end. Not the end of the world, you’d think, but if your organisation keeps personal information on those versions, this is a significant problem.

Though PCs will continue to run, the issue is that Microsoft will not be providing any further updates or fixes to these products. This means that in the event of any security flaw, your system will be vulnerable, and so in turn will any personal data you hold.

It is inevitable that, over time, attackers will increasingly find the vulnerabilities within these products, which will provide them with more and more opportunities to access and manipulate your systems. To prevent the risk of personal data breaches in these circumstances, the best advice is to migrate to a supported system before the deadline of 8th April.

It’s not just Microsoft where stopping system support is an issue – the same is true of other providers who do not support their systems. So it’s well worth making sure that you and your organisation have ‘appropriate technical organisational measures in place to keep individuals’ personal data safe.

Failure to do so puts you in breach of the Data Protection Act, and the ICO has the power to levy a fine of up to £500,000 to any organisation whose failure to comply with the DPA has led to serious issues of data security.

The size of fine varies enormously depending on the scale and potential damage caused by the breach. For example the ICO has recently fined the British Pregnancy Advice Service £200,000 after a hacker obtained thousands of individuals’ personal details due entirely to poor data security. And, on a smaller scale, the owner of a loans company, Jala Transport, was fined by the ICO after his car was broken into. The thief stole £3,600 and a hard drive. Even though the hard drive was password protected, the data within was not encrypted and it included customers’ names, dates of birth, payments made, and the identity documents provided to support the loan application. His fine could have been as high as £70,000, but was reduced to £5,000 to reflect the limited financial resources of the company and the fact that the breach was reported voluntarily.

In both cases, the breaches were perpetrated by a malicious third party. But it was the lack of the businesses’ security and protection of the personal data that was the root cause of the fines. This is why it is so important that companies remain ready for the security issues which will inevitably arise when their service providers switch off support – whether the provider is Microsoft or another.

Data Compliant helps businesses build policies and processes to enable them to become and remain secure and compliant both in terms of systems and governance – if you have any concerns over your data security, don’t hesitate to contact us on 01787 277742 or email tony@datacompliant.co.uk